{"schema_version": "1.6.1", "id": "CVE-2023-29216", "summary": "Apache Linkis DatasourceManager module has a deserialization command execution", "details": "\nIn Apache Linkis <=1.5.0, because the parameters are not\neffectively filtered, the attacker uses the MySQL data source and malicious parameters to\nconfigure a new data source to trigger a deserialization vulnerability, eventually leading to\nremote code execution.\n Versions of Apache Linkis <= \n\n1.5.0\n\n will be affected.\nWe recommend users upgrade the version of Linkis to version 1.6.0.\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "1.6.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l"}]}